Feature request: redact secrets when logging

Current Behavior

If we make a call with a secret, it will be printed to stdout.

Note: I’m only including shell examples for brevity, but this applies to most zx logging 🙂

If we wanted to go one step further, there could also be a $.redact(text: string) method.

Example:

const githubUrl = 'https://api.github.com/organizations';
const githubToken = 'ghs_xxxxxxxxx';
await $`curl --silent ${githubUrl} -H "Authorization: Bearer ${githubToken}"`;

// prints:
// $ curl --silent $'https://api.github.com/organizations' -H "Authorization: Bearer ghs_xxxxxxxxx"
//                                                                                   ^ exposed!

Requested Behavior

It would be cool if we could either redact or replace secrets.

For example, with blanket redaction:

const githubUrl = 'https://api.github.com/organizations';
const githubToken = 'ghs_xxxxxxxxx';
$.secrets.push(githubToken); // Example: Blanket redaction
await $`curl --silent ${githubUrl} -H "Authorization: Bearer ${githubToken}"`;

// prints:
// $ curl --silent $'https://api.github.com/organizations' -H "Authorization: Bearer **redacted**"
//                                                                                   ^ hidden

Or with contextual redaction:

const githubUrl = 'https://api.github.com/organizations';
const githubToken = 'ghs_xxxxxxxxx';
$.secrets.githubToken = githubToken; // Example: Contextual redaction
await $`curl --silent ${githubUrl} -H "Authorization: Bearer ${githubToken}"`;

// prints:
// $ curl --silent $'https://api.github.com/organizations' -H "Authorization: Bearer **githubToken**"
//                                                                                   ^ hidden with context

Steps to Reproduce the Problem

Covered in the Current Behavior section.

Specifications

  • Version: 7.1.1
  • Platform: Linux
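
An added example, not part of the original issue and not zx code: one way the blanket and contextual redaction requested above could work on a command line before it is logged. The name createRedactor and its options are hypothetical, and the sample values are constructed.

```javascript
// Added example: createRedactor and its options are hypothetical names, not zx API.
function createRedactor({ blanket = [], named = {}, minLength = 6 } = {}) {
  const labels = new Map(); // secret text -> label shown in the log
  const register = (value, label) => {
    const secret = String(value);
    // An empty or very short "secret" would match all over the output.
    if (secret.length < minLength) {
      throw new TypeError(`secret for "${label}" is shorter than ${minLength} characters`);
    }
    // Also cover the percent-encoded form the value takes inside a URL.
    for (const form of new Set([secret, encodeURIComponent(secret)])) {
      if (!labels.has(form)) labels.set(form, label);
    }
  };
  // Named secrets are registered first so a contextual label wins over the blanket one.
  for (const [name, value] of Object.entries(named)) register(value, name);
  for (const value of blanket) register(value, 'redacted');
  if (labels.size === 0) return (line) => String(line);

  // Longest first, so a secret that is a prefix of another cannot leave a tail behind.
  const pattern = new RegExp(
    [...labels.keys()]
      .sort((a, b) => b.length - a.length)
      .map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
      .join('|'),
    'g'
  );
  return (line) => String(line).replace(pattern, (hit) => `**${labels.get(hit)}**`);
}

// Constructed sample values, same shape as the issue's example.
const githubToken = 'ghs_xxxxxxxxx';
const redact = createRedactor({
  blanket: ['p@ss word/1'],
  named: { githubToken, githubTokenV2: githubToken + '_v2' },
});
const sampleLine =
  `$ curl --silent $'https://api.github.com/organizations' -H "Authorization: Bearer ${githubToken}"`;
console.log(redact(sampleLine));
```

Redaction of this kind only covers the exact strings registered; a secret that is transformed before it reaches the log (for example base64-encoded together with a user name) needs its transformed form registered as well.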

Issue Analytics

  • State: open
  • Created 10 months ago
  • Comments: 5

Top GitHub Comments

2 reactions
antonmedv commented, Nov 20, 2022

For fetch we need to add support.

0 reactions
antonmedv commented, Nov 23, 2022

Sure 👌🏻
